The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added five vulnerabilities to its KEV Catalog, including a weaponized flaw in Oracle E-Business Suite. These vulnerabilities pose significant threats, with some allowing remote, unauthenticated access or arbitrary code execution. #CISA #OracleEBS #CVE202561884 #CVE202531073 #CVE20252746 #CVE20252747 #CVE202248503
Key points
- CISA officially added five security vulnerabilities to its KEV Catalog.
- One critical flaw, CVE-2025-61884, impacts Oracle E-Business Suite and is actively exploited.
- Another high-severity vulnerability, CVE-2025-61882, allows unauthenticated remote code execution in Oracle EBS.
- Four additional vulnerabilities affect Microsoft Windows, Kentico CMS, and Apple JavaScriptCore, with varying exploit states.
- Federal agencies must remediate these vulnerabilities by November 10, 2025, to protect their systems.
Read More: https://thehackernews.com/2025/10/five-new-exploited-bugs-land-in-cisas.html